Keycloak single sign-on: a beginner's tutorial
- Author: DecaMinCow
- Blog: http://blog.csdn.net/m0_37567301
- Email: decamincow#gmail.com (#->@)
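Bring up the environment
# Pull the image
docker pull jboss/keycloak
# Option 1: use MySQL as the database
# Note: the database must be created beforehand; the default name is keycloak
# Point Keycloak at the existing database and set the initial admin password
# (admin/admin, 123456 and useSSL=false are demo values for a local test; change them anywhere else)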
docker run -d --name keycloak \
-p 8899:8080 \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=admin \
-e DB_VENDOR=MYSQL \
-e DB_ADDR=192.168.1.2 \
-e DB_USER=tz \
-e DB_PASSWORD=123456 \
-e DB_PORT=3306 \
-e DB_DATABASE=keycloak \
-e JDBC_PARAMS='connectTimeout=30000&autoReconnect=true&useSSL=false' jboss/keycloak:10.0.0
# Option 2: the default H2 database
docker run -d --name keycloak \
-p 8899:8080 \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=admin \
jboss/keycloak:10.0.0
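Admin console setup
Create a realm
- Create a realm named demo
- Multiple languages can be configured under the Themes menu
Create a client
- Create my-client1
- Set Access Type to confidential
- Turn on the Authorization Enabled option
- Set Valid Redirect URIs: http://localhost/*
- Under Credentials, set the Client Authenticator to: Client Id and Secret
Create a user
- Create the user decamincow
- Reset the password and turn off the Temporary option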
Request tests
Request a token
curl --location --request POST 'http://localhost:8899/auth/realms/demo/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=my-login' \
--data-urlencode 'client_secret=dbc9942b-5139-4a03-9fad-6d9e23edf13c'
Or
curl --location --request POST 'http://localhost:8899/auth/realms/demo/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=my-login' \
--data-urlencode 'client_secret=dbc9942b-5139-4a03-9fad-6d9e23edf13c' \
--data-urlencode 'username=decamincow' \
--data-urlencode 'password=123456'
Token response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJLS3c2SUExUG0ycU4yZW40QjEzcjY0YlBPQTJwTmV0OU5INVhWSkZBMjBrIn0.[payload-elided].XSBM2E8QInHP32GBAkXvo0eT3Yf72IH-TA1VFbyNLI8f56dlBOspEXG-jq-pH0AemwmUg5ojoq7_yra0QH8WdynQHyrk6V2bCM5ukvyYiEgWIiHGP-B73AekyYmUBh_luM5KYr88RIFN9_TDM2zC6xHiu8ldYJ2ViUYePltjR-jnXOlC-Oej3hNXU15sFgmZv8-FRyDx_hF0T2poV5_CbHzdVK99ttWz3lhwoQ7EA4qXqjzG2C9NZ-7_X1CI3rVSNR5jNxdSUsS5oem9GgkDLh_d0FyiLLurnUUfstrZbpP6UJOubDVn7tW6ppvT3dYIGs2oK6Dbg5ZF74j7a6IZvQ",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4MmIwNDRiMS0zNGViLTQxY2UtOWViMC02OTgxNmFjYTBhM2QifQ.eyJleHAiOjE1OTkxMzQ0MjgsImlhdCI6MTU5OTEzMjYyOCwianRpIjoiNTY3OTg3YjctOWU0Mi00MDVmLWE0ZGEtMzcwZTZjNjNjOTViIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4ODk5L2F1dGgvcmVhbG1zL2RlbW8iLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0Ojg4OTkvYXV0aC9yZWFsbXMvZGVtbyIsInN1YiI6IjJjZTEyNDczLWJhOWUtNGViZC1iMThkLWQ1NzA2ODE4OWVlMSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJteS1sb2dpbiIsInNlc3Npb25fc3RhdGUiOiJkYmYwZmE1MC1lYWUyLTRlMTQtYmU2Yi1mOTVhZmRmYmYwZGEiLCJzY29wZSI6InByb2ZpbGUgZW1haWwifQ.ne1v3zJxTXe2jOvG8FWEehD3d0bkwGj3mn7fdN3yWTg",
"token_type": "bearer",
"not-before-policy": 1599131841,
"session_state": "dbf0fa50-eae2-4e14-be6b-f95afdfbf0da",
"scope": "profile email"
}
Use the token to access a resource
curl --location --request GET 'http://localhost.charlesproxy.com:8080/protected/premium' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJLS3c2SUExUG0ycU4yZW40QjEzcjY0YlBPQTJwTmV0OU5INVhWSkZBMjBrIn0.[payload-elided].LX1OvytNsqLNSsJDkIZKkRAOfInBKUKgVLBmKwZMBtAZwnTwwXzXUXfnmx0FgJrPCtfVXWSqnDW4dl7uwnpduT1gYS0Ai10K0Ip_CL4Hs5C-QuEcOv7Ywgx_X_80XZg_9UKSnlcb_Fs7pPUhu1LUex7LGse1gSfbhE_eVZY5qZCzJT2eZ97lIRIMII7rh6_ZcsxnXBvWl9wqpnrKnHgwGk86CB_Vwx9KACHxQx19F0ZThbabyaSFgS4J6_B3W1Yvyc6mlNXwz8_-zlERKQzNtt5uphn1iAbc2gN6kcZ2zB1S5pnhH6wrEBybgVoeunmcwGBwLefzJxiGir2ulxS84A' \
--header 'Cookie: JSESSIONID=807DA95727863A725927C312146083B8'
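The service behind /protected/premium must decide whether the bearer token it receives is acceptable. The Python below is an added example, not code from the original tutorial: it shows the claim checks a resource server applies to a Keycloak token (allowed alg, realm issuer, token type, client, expiry), so that a refresh token or a token from another realm is rejected. Assumptions: the signature has already been verified against the realm key, the server accepts only tokens issued to my-login, and the sample tokens are constructed, not the ones shown on this page.

```python
import base64
import json

REALM_ISSUER = "http://localhost:8899/auth/realms/demo"  # realm URL from this page
EXPECTED_CLIENT = "my-login"  # assumption: only tokens issued to this client are accepted
ALLOWED_ALGS = {"RS256"}      # alg in the access token header shown on this page

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _decode(segment: str) -> dict:
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value

def make_sample_token(header: dict, claims: dict) -> str:
    """Build a CONSTRUCTED sample token; the signature part is a dummy."""
    return f"{_b64url(header)}.{_b64url(claims)}.sig"

def check_claims(token: str, now: int) -> list:
    """Return reasons to reject; an empty list means the claims pass.
    The signature is NOT verified here: it must already have been checked
    against the realm key published at the discovery document's jwks_uri.
    """
    try:
        head, body, _sig = token.split(".")
        header, claims = _decode(head), _decode(body)
    except ValueError:
        return ["malformed token"]
    problems = []
    if header.get("alg") not in ALLOWED_ALGS:
        problems.append("alg not allowed")
    if claims.get("iss") != REALM_ISSUER:
        problems.append("wrong issuer")
    if claims.get("typ") != "Bearer":
        problems.append("not an access token")
    if claims.get("azp") != EXPECTED_CLIENT:
        problems.append("unexpected client")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        problems.append("expired")
    return problems

# Constructed samples mirroring the claims of the tokens on this page.
BASE = {"iss": REALM_ISSUER, "azp": "my-login", "iat": 1599132628}
ACCESS = make_sample_token({"alg": "RS256"}, {**BASE, "typ": "Bearer", "exp": 1599132928})
REFRESH = make_sample_token({"alg": "HS256"}, {**BASE, "typ": "Refresh", "exp": 1599134428})
```

check_claims(ACCESS, now) returns an empty list while the token is within its 300-second lifetime; the refresh-style sample is rejected on both alg and typ.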
Endpoints
Endpoint for retrieving the server configuration
http://localhost:8899/auth/realms/demo/.well-known/openid-configuration